refactoring (usage of constant names for attributes of authentication

check)
Michael Peter Christen 11 years ago
parent b9d36e45e0
commit 7d6fc79eb8

@ -29,6 +29,7 @@ import net.yacy.cora.protocol.Domains;
import net.yacy.cora.protocol.RequestHeader;
import net.yacy.crawler.data.ResultImages;
import net.yacy.search.Switchboard;
import net.yacy.search.SwitchboardConstants;
import net.yacy.server.serverObjects;
import net.yacy.server.serverSwitch;
@ -95,7 +96,7 @@ public class Collage {
// check if this loads a page from localhost, which must be prevented to protect the server
// against attacks to the administration interface when localhost access is granted
if ((Domains.isLocal(baseURL.getHost(), null) || Domains.isLocal(imageURL.getHost(), null)) &&
sb.getConfigBool("adminAccountForLocalhost", false)) continue;
sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) continue;
final long z = imgZIndex[i];
prop.put("imgurl_list_" + c + "_url",

@ -55,7 +55,7 @@ public class ConfigAccounts_p {
UserDB.Entry entry = null;
// admin password
boolean localhostAccess = sb.getConfigBool("adminAccountForLocalhost", false);
boolean localhostAccess = sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false);
if (post != null && post.containsKey("setAdmin")) {
localhostAccess = Domains.isLocalhost(post.get("access", ""));
final String user = (post == null) ? "" : post.get("adminuser", "");
@ -66,22 +66,22 @@ public class ConfigAccounts_p {
if (user.length() > 0 && pw1.length() > 3 && pw1.equals(pw2)) {
// check passed. set account:
env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString(user + ":" + pw1)));
env.setConfig("adminAccount", "");
env.setConfig("adminAccountUserName",user);
env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT, "");
env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME,user);
}
if (localhostAccess) {
sb.setConfig("adminAccountForLocalhost", true);
sb.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, true);
// if an localhost access is configured, check if a local password is given
// if not, set a random password
if (env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty()) {
// make a 'random' password
env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "0000" + sb.genRandomPassword());
env.setConfig("adminAccount", "");
env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT, "");
}
} else {
sb.setConfig("adminAccountForLocalhost", false);
sb.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false);
if (env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").startsWith("0000")) {
// make shure that the user can still use the interface after a random password was set
env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
@ -89,14 +89,14 @@ public class ConfigAccounts_p {
}
}
if (env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty() && !env.getConfigBool("adminAccountForLocalhost", false)) {
if (env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty() && !env.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) {
prop.put("passwordNotSetWarning", 1);
}
prop.put("localhost.checked", (localhostAccess) ? 1 : 0);
prop.put("account.checked", (localhostAccess) ? 0 : 1);
prop.put("statusPassword", localhostAccess ? "0" : "1");
prop.put("defaultUser", env.getConfig("adminAccountUserName", "admin"));
prop.put("defaultUser", env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin"));
//default values
prop.put("current_user", "newuser");

@ -234,7 +234,7 @@ public class ConfigBasic {
prop.put("setUseCase_repositoryPath", sb.getConfig("repositoryPath", "/DATA/HTROOT/repository"));
// check if values are proper
final boolean properPassword = (sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").length() > 0) || sb.getConfigBool("adminAccountForLocalhost", false);
final boolean properPassword = (sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").length() > 0) || sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false);
final boolean properName = (sb.peers.mySeed().getName().length() >= 3) && (!(Seed.isDefaultPeerName(sb.peers.mySeed().getName())));
final boolean properPort = (sb.peers.mySeed().isSenior()) || (sb.peers.mySeed().isPrincipal());

@ -93,8 +93,8 @@ public class SettingsAck_p {
}
// check passed. set account:
env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString(user + ":" + pw1)));
env.setConfig("adminAccount", "");
env.setConfig("adminAccountUserName", user);
env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT, "");
env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, user);
prop.put("info", "5");//admin account changed
prop.putHTML("info_user", user);
return prop;

@ -131,14 +131,14 @@ public class Status
// password protection
if ( (sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty())
&& (!sb.getConfigBool("adminAccountForLocalhost", false)) ) {
&& (!sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) ) {
prop.put("protection", "0"); // not protected
prop.put("urgentSetPassword", "1");
} else {
prop.put("protection", "1"); // protected
}
if ( sb.getConfigBool("adminAccountForLocalhost", false) ) {
if ( sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false) ) {
prop.put("unrestrictedLocalAccess", 1);
}

@ -33,6 +33,7 @@ import net.yacy.cora.document.id.MultiProtocolURL;
import net.yacy.cora.protocol.Domains;
import net.yacy.data.UserDB.AccessRight;
import net.yacy.search.Switchboard;
import net.yacy.search.SwitchboardConstants;
import org.eclipse.jetty.http.HttpSchemes;
import org.eclipse.jetty.security.RoleInfo;
@ -168,7 +169,7 @@ public class Jetty8YaCySecurityHandler extends SecurityHandler {
@Override
protected RoleInfo prepareConstraintInfo(String pathInContext, Request request) {
final Switchboard sb = Switchboard.getSwitchboard();
final boolean adminAccountForLocalhost = sb.getConfigBool("adminAccountForLocalhost", false);
final boolean adminAccountForLocalhost = sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false);
//final String adminAccountBase64MD5 = sb.getConfig(YaCyLegacyCredential.ADMIN_ACCOUNT_B64MD5, "");
String refererHost;

@ -26,6 +26,7 @@ package net.yacy.http;
import net.yacy.cora.order.Base64Order;
import net.yacy.cora.order.Digest;
import org.eclipse.jetty.util.security.Credential;
@ -39,7 +40,7 @@ public class YaCyLegacyCredential extends Credential {
private String hash;
private String foruser; // remember the user as YaCy credential is username:pwd (not just pwd)
private boolean isBase64enc; // remember hash encoding false = encodeMD5Hex(usr:pwd) ; true = encodeMD5Hex(Base64Order.standardCoder.encodeString(usr:pw))
/**
* internal hash function
*
@ -54,11 +55,9 @@ public class YaCyLegacyCredential extends Credential {
public boolean check(Object credentials) {
if (credentials instanceof String) {
final String pw = (String) credentials;
if (isBase64enc) { // for adminuser
return calcHash(foruser + ":" + pw).equals(this.hash);
} else { // for user
return Digest.encodeMD5Hex(foruser + ":" + pw).equals(this.hash);
}
if (isBase64enc) return calcHash(foruser + ":" + pw).equals(this.hash); // for admin user
// normal users
return Digest.encodeMD5Hex(foruser + ":" + pw).equals(this.hash);
}
throw new UnsupportedOperationException();
}
@ -70,8 +69,8 @@ public class YaCyLegacyCredential extends Credential {
*/
public static Credential getCredentialsFromConfig(String username, String configHash) {
YaCyLegacyCredential c = new YaCyLegacyCredential();
c.foruser=username;
c.isBase64enc=true;
c.foruser = username;
c.isBase64enc = true;
c.hash = configHash;
return c;
}
@ -84,9 +83,9 @@ public class YaCyLegacyCredential extends Credential {
*/
public static Credential getCredentials(String username, String configHash) {
YaCyLegacyCredential c = new YaCyLegacyCredential();
c.foruser=username;
c.isBase64enc = false;
c.hash = configHash;
c.foruser = username;
c.isBase64enc = false;
c.hash = configHash;
//c.hash = calcHash(user + ":" + password);
return c;
}
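Review bot: In `check`, both rewritten return statements still compare the computed digest to the stored one with `String.equals`, which returns at the first differing character, so the comparison time depends on how much of the hash matches. For a credential check I would compare in constant time, e.g. `return MessageDigest.isEqual(calcHash(foruser + ":" + pw).getBytes(StandardCharsets.UTF_8), this.hash.getBytes(StandardCharsets.UTF_8));`, and the same for the `Digest.encodeMD5Hex` branch. That form needs a null guard on `this.hash`, which `equals` currently tolerates, plus imports for `java.security.MessageDigest` and `java.nio.charset.StandardCharsets`. Since the method was touched anyway, a short comment such as `// legacy format: unsalted MD5 over "user:password"; kept only for compatibility` would tell the next reader why the digest looks this way.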

@ -49,7 +49,7 @@ public class YaCyLoginService extends MappedLoginService {
// TODO: implement legacy credentials
final Switchboard sb = Switchboard.getSwitchboard();
String adminuser = sb.getConfig("adminAccountUserName", "admin");
String adminuser = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin");
if (username.equals(adminuser)) {
final String adminAccountBase64MD5 = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
// in YaCy the credential hash is composed of username:pwd so the username is needed to create valid credential
@ -66,23 +66,22 @@ public class YaCyLoginService extends MappedLoginService {
subject.setReadOnly();
IdentityService is = getIdentityService();
return is.newUserIdentity(subject, userPrincipal, new String[]{AccessRight.ADMIN_RIGHT.toString()});
} else { // get user data from UserDB
Entry user = sb.userDB.getEntry(username);
if (user != null) {
if (user.hasRight(AccessRight.ADMIN_RIGHT)) {
String[] role = new String[]{AccessRight.ADMIN_RIGHT.toString()};
}
Entry user = sb.userDB.getEntry(username);
if (user != null) {
if (user.hasRight(AccessRight.ADMIN_RIGHT)) {
String[] role = new String[]{AccessRight.ADMIN_RIGHT.toString()};
Credential credential = YaCyLegacyCredential.getCredentials(username, user.getMD5EncodedUserPwd());
Principal userPrincipal = new MappedLoginService.KnownUser(username, credential);
Subject subject = new Subject();
subject.getPrincipals().add(userPrincipal);
subject.getPrivateCredentials().add(credential);
subject.setReadOnly();
IdentityService is = getIdentityService();
Credential credential = YaCyLegacyCredential.getCredentials(username, user.getMD5EncodedUserPwd());
Principal userPrincipal = new MappedLoginService.KnownUser(username, credential);
Subject subject = new Subject();
subject.getPrincipals().add(userPrincipal);
subject.getPrivateCredentials().add(credential);
subject.setReadOnly();
IdentityService is = getIdentityService();
return is.newUserIdentity(subject, userPrincipal, role);
}
}
return is.newUserIdentity(subject, userPrincipal, role);
}
}
return null;
}
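Review bot: Dropping the `else` in front of the UserDB lookup is only equivalent to the old code if the admin branch returns on every path. The lines between the two hunks are not visible here, so that should be confirmed; if any path falls through, a login with the configured admin name would now also be looked up in `sb.userDB`. The removed `} else { // get user data from UserDB` line also carried the only comment explaining the second half of the method, so I would put it back above the lookup, e.g. `// not the static admin account: get user data from UserDB`. Entries without `AccessRight.ADMIN_RIGHT` still end in `return null`, which deserves a comment of its own, e.g. `// users without admin right get no identity here`, so it reads as intended rather than forgotten.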

@ -234,9 +234,9 @@ public class migration {
public static void presetPasswords(final Switchboard sb) {
// set preset accounts/passwords
String acc;
if ((acc = sb.getConfig("adminAccount", "")).length() > 0) {
if ((acc = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT, "")).length() > 0) {
sb.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString(acc)));
sb.setConfig("adminAccount", "");
sb.setConfig(SwitchboardConstants.ADMIN_ACCOUNT, "");
}
// fix unsafe old passwords

@ -208,6 +208,7 @@ import net.yacy.utils.UPnP;
import net.yacy.utils.crypt;
import com.google.common.io.Files;
import net.yacy.http.YaCyHttpServer;
@ -886,7 +887,7 @@ public final class Switchboard extends serverSwitch {
// that an automatic authorization of localhost is done, because in this case crawls from local
// addresses are blocked to prevent attack szenarios where remote pages contain links to localhost
// addresses that can steer a YaCy peer
if ( !getConfigBool("adminAccountForLocalhost", false) ) {
if ( !getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false) ) {
if ( getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").startsWith("0000") ) {
// the password was set automatically with a random value.
// We must remove that here to prevent that a user cannot log in any more
@ -2056,11 +2057,11 @@ public final class Switchboard extends serverSwitch {
}
// set a random password if no password is configured
if ( getConfigBool("adminAccountForLocalhost", false)
if ( getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)
&& getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty() ) {
// make a 'random' password
setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "0000" + this.genRandomPassword());
setConfig("adminAccount", "");
setConfig(SwitchboardConstants.ADMIN_ACCOUNT, "");
}
// stop greedylearning if limit is reached
@ -3242,7 +3243,7 @@ public final class Switchboard extends serverSwitch {
// authorization for localhost, only if flag is set to grant localhost access as admin
final boolean accessFromLocalhost = requestHeader.accessFromLocalhost();
if ( getConfigBool("adminAccountForLocalhost", false) && accessFromLocalhost ) {
if ( getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false) && accessFromLocalhost ) {
adminAuthenticationLastAccess = System.currentTimeMillis();
return 3; // soft-authenticated for localhost
}

@ -41,8 +41,11 @@ public final class SwitchboardConstants {
* <p>Name of the setting holding the authentication hash for the static <code>admin</code>-account. It is calculated
* by first encoding <code>username:password</code> as Base64 and hashing it using {@link MapTools#encodeMD5Hex(String)}.</p>
*/
public static final String ADMIN_ACCOUNT_B64MD5 = "adminAccountBase64MD5";
public static final String ADMIN_ACCOUNT = "adminAccount";
public static final String ADMIN_ACCOUNT_B64MD5 = "adminAccountBase64MD5";
public static final String ADMIN_ACCOUNT_USER_NAME = "adminAccountUserName"; // by default 'admin'
public static final String ADMIN_ACCOUNT_FOR_LOCALHOST = "adminAccountForLocalhost";
public static final int CRAWLJOB_SYNC = 0;
public static final int CRAWLJOB_STATUS = 1;
// 20_dhtdistribution
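Review bot: As rendered, the new `ADMIN_ACCOUNT` constant is inserted directly under the existing Javadoc, so the description of the Base64/MD5 authentication hash now documents `ADMIN_ACCOUNT` instead of `ADMIN_ACCOUNT_B64MD5`. I would move `ADMIN_ACCOUNT` above that Javadoc block, or move the block down, and give each new constant its own comment. `ADMIN_ACCOUNT_FOR_LOCALHOST` matters most because it is security-relevant, e.g. `/** If true, requests coming from localhost are treated as admin without a password. */`. For `ADMIN_ACCOUNT`, the call sites in this commit suggest it is a legacy setting that is cleared once the hash is written; if so, the comment should say that. The `{@link MapTools#encodeMD5Hex(String)}` reference also looks stale, since the callers shown in this commit use `Digest.encodeMD5Hex`.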

@ -355,7 +355,7 @@ public final class yacy {
final boolean browserPopUpTrigger = sb.getConfig(SwitchboardConstants.BROWSER_POP_UP_TRIGGER, "true").equals("true");
if (browserPopUpTrigger) try {
final String browserPopUpPage = sb.getConfig(SwitchboardConstants.BROWSER_POP_UP_PAGE, "ConfigBasic.html");
//boolean properPW = (sb.getConfig("adminAccount", "").isEmpty()) && (sb.getConfig(httpd.ADMIN_ACCOUNT_B64MD5, "").length() > 0);
//boolean properPW = (sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT, "").isEmpty()) && (sb.getConfig(httpd.ADMIN_ACCOUNT_B64MD5, "").length() > 0);
//if (!properPW) browserPopUpPage = "ConfigBasic.html";
Browser.openBrowser(("http://localhost:"+port) + "/" + browserPopUpPage);
// Browser.openBrowser((server.withSSL()?"https":"http") + "://localhost:" + serverCore.getPortNr(port) + "/" + browserPopUpPage);
